Forum Discussion

Oreoluwa
Sep 02, 2020

Azure MFA service integration with APM

Hi,

Do I need to have an Azure MFA RADIUS Server on prem to implement MFA with my APM? Can't I use the default Azure MFA service that comes with my Azure AD? On Azure AD, I could just tick boxes to choose my users who should use MFA and for what applications. Can I do this for F5 too?

7 Replies

  • Pistle

    RADIUS is a standard protocol to accept authentication requests and to process those requests. The Azure Multi-Factor Authentication Server can act as a RADIUS server. Insert it between your RADIUS client (VPN appliance) and your authentication target to add two-step verification. Your authentication target could be Active Directory, an LDAP directory, or another RADIUS server. For Azure Multi-Factor Authentication (MFA) to function, you must configure the Azure MFA Server so that it can communicate with both the client servers and the authentication target. The Azure MFA Server accepts requests from a RADIUS client, validates credentials against the authentication target, adds Azure Multi-Factor Authentication, and sends a response back to the RADIUS client. The authentication request only succeeds if both the primary authentication and the Azure Multi-Factor Authentication succeed. I would recommend referring to Managed Azure Services to get more details about the Azure services.

    Best regards

  • while RADIUS is an option it is also possible to do this more natively

    https://devcentral.f5.com/s/articles/Azure-Active-Directory-and-BIG-IP-APM-Integration

    the world is moving more and more to SAML for authentication, it sure is possible to set up a RADIUS server in Azure, but why not give the native authentication method a try

    • Oreoluwa

      Hi Boneyard, I eventually used SAML and it worked for the authentication. However, there was a new hurdle. Portal access for Azure User groups using SAML attributes. I am not sure how to go about this. Could you help please?

      • boneyard

        it has been a while but I got this worked out some time ago.

        within the Azure Enterprise Application you have the option to return SAML attributes. Azure calls it claims. there you can return, for example, groups, which you can filter on at the APM level as with AD group attributes.
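
The group-claim filtering described in the last reply, as an added example (not code from the thread, F5 or Microsoft): it reads the groups claim from a constructed SAML AttributeStatement and maps group IDs to portal resources, granting nothing for unknown groups. It assumes Azure's standard groups claim name with group object IDs as values; the GUIDs, resource names and function names are made up for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Claim name Azure AD uses for group membership; values are group object IDs.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed (hypothetical) mapping of group object IDs to portal resources.
GROUP_TO_RESOURCES = {
    "11111111-1111-1111-1111-111111111111": {"hr-portal"},
    "22222222-2222-2222-2222-222222222222": {"finance-portal", "hr-portal"},
}

# Constructed AttributeStatement, as found inside an assertion whose signature
# the service provider has already validated (validation is not shown here).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
    <saml:AttributeValue>11111111-1111-1111-1111-111111111111</saml:AttributeValue>
    <saml:AttributeValue>99999999-9999-9999-9999-999999999999</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
    <saml:AttributeValue>user@example.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def group_claims(statement_xml):
    """Return the set of values of the groups claim (empty set if absent)."""
    # The stdlib parser is fine for this offline sample; untrusted XML
    # should go through a hardened parser.
    root = ET.fromstring(statement_xml)
    groups = set()
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        if attr.get("Name") != GROUPS_CLAIM:
            continue
        for value in attr.findall("{%s}AttributeValue" % SAML_NS):
            if value.text and value.text.strip():
                groups.add(value.text.strip().lower())
    return groups


def allowed_resources(statement_xml):
    """Exact-match each group ID against the mapping; unknown IDs grant nothing."""
    resources = set()
    for group_id in group_claims(statement_xml):
        resources |= GROUP_TO_RESOURCES.get(group_id, set())
    return resources


if __name__ == "__main__":
    print(sorted(allowed_resources(SAMPLE)))
```

Matching on the full group ID rather than a substring keeps a similarly named or partially overlapping value from granting access.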